New Amazon Phishing Emails Contain Trojans

by NewsEditor_ on October 8th, 2015 in Industry and Security News.












Many phishing campaigns target users of popular websites. Because Amazon remains the most popular online retailer, its brand makes good cover for cybercriminals’ phishing emails. Many of us have Amazon accounts, which makes us more susceptible to a malicious email that appears to originate from the retailer. Most of these phishing emails use fear-based tactics, such as displaying an unwanted purchase that requires user intervention to cancel or announcing that your account has been compromised, and there have been many phishing campaigns utilizing Amazon’s brand identity.

This week Graham Cluley reported a phishing email with the subject line “Your Amazon.com order confirmation for <email address>” which claims to confirm an expensive order the user never made, in this case a $642 order for a new iPhone 6. The email in this example comes with a Microsoft Word attachment titled “amazon_invoice_991773782.doc.” Some phishing emails attempt to trick the user into clicking a link that directs them to a fake login page, in an effort to steal credentials, or to a URL that deploys malicious programs to the visitor. In this case, the purpose of the email is to coerce the user into opening the attachment. According to Cluley, the attachment “comes boobytrapped with a Trojan horse (you can see what various anti-virus products identify it as via this VirusTotal report - in the last 18 hours or so, many anti-virus products appear to have been updated to identify it).” The fear tactics in this campaign could lead a user to investigate the purchase by clicking on the attached file, though it should be noted that Amazon confirmation emails never contain Microsoft Word attachments.

The phishing alert website millersmiles.co.uk reports another Amazon phishing email from earlier this week with the subject line “Your Amazon Account Has Been Compromised.” The email asks you to verify your account information by clicking the link it contains, which takes users to a fake Amazon page where they can enter their details; those details are then received by the perpetrators of the phishing campaign. Just as Amazon never sends its users Microsoft Word attachments, it also never asks its users for personal details in this manner.

Last month, Malwarebytes reported a similar phishing campaign targeting Amazon users. In that instance, the phishing emails announced that Amazon had suffered a data breach and asked users to verify their account details as a matter of diligence. Similar to the aforementioned campaign, the emails directed users to a spoofed Amazon website and attempted to collect personal information through the web form.
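The two tells described above (an Amazon-branded message carrying a Word attachment, and an Amazon-branded message linking to a non-Amazon host) can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from the article or from any vendor it cites; the `LEGIT_DOMAINS` allow-list, the `triage` and `build` helper names, and the `.example` sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

WORD_EXTS = (".doc", ".docx", ".docm", ".rtf")
# Assumption: domains treated as genuine for this sketch; extend per region.
LEGIT_DOMAINS = ("amazon.com",)

def triage(raw):
    """Return reasons an Amazon-branded message matches the lures described above."""
    msg = message_from_string(raw, policy=policy.default)
    claimed = f"{msg['From'] or ''} {msg['Subject'] or ''}".lower()
    if "amazon" not in claimed:  # only messages that claim the brand
        return []
    reasons = []
    # Tell 1: order confirmations from the retailer never carry Word documents.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTS) or part.get_content_type() == "application/msword":
            reasons.append(f"word-attachment:{name}")
    # Tell 2: "verify your account" links whose host is not the retailer's.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
            reasons.append(f"off-brand-link:{host}")
    return reasons

def build(subject, body, attachment=None):
    """Build a constructed sample message (not a captured phishing email)."""
    m = EmailMessage()
    m["From"] = "Amazon Orders <notice@mailer.example>"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build("Your Amazon.com order confirmation for user@example.com",
                       "See the attached invoice.", "amazon_invoice_991773782.doc")))
    print(triage(build("Your Amazon Account Has Been Compromised",
                       "Verify here: http://amazon.account-verify.example/signin")))
```

Matching on the display name and subject is a heuristic: it catches brand impersonation like the campaigns above but should be combined with sender authentication results (SPF, DKIM, DMARC) before a message is trusted.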
